Nearly six months after exposing the group, Trend Micro and ClearSky published an updated report on Rocket Kitten, a state-sponsored group targeting Israeli and European organizations.
The new report, “The Spy Kittens Are Back: Rocket Kitten 2,” detailed the group’s methodology and goals. Both organizations noted that the group conducts its business for cyberespionage and received no monetary gains. The Advanced Persistent Threat (APT) campaign also had its perpetrators targeting personal accounts, versus corporate ones, which allows them to seamlessly move from a less secure home network to an individual’s corporate accounts and network.
An ignored phishing email didn’t deter this group – members sent emails daily with slightly altered content to encourage a target to open attachments. In one case, a recipient replied back in Hebrew questioning the email’s legitimacy.
The attackers replied in the affirmative in Hebrew and encouraged the person to open attached files.